light_mode “Let your light shine before others.” — Matthew 5:16 (NET)

Christ-honoring DNS filtering

Bright, simple protection for the Church, families, and every believer.

GraceDNS keeps congregations, households, and individual devices focused on what is pure (Philippians 4:8 NET). Copy one endpoint, paste it anywhere, and enjoy a calm online life.

See the tiers Read the mission

We never log DNS queries. Use DNS-over-HTTPS or DNS-over-TLS whenever possible so every request reaches us over an encrypted tunnel.

church

The Church

Congregations and ministries can roll out filters with simple, printable endpoints.

family_restroom

Families

Parents set one tier on the router and every phone, TV, and tablet follows.

person

Individuals

Believers on the go can point laptops and phones to GraceDNS in under a minute.

Why we serve

Keeping the Church, families, and individuals holy, hopeful, and simple

GraceDNS exists for pastors, parents, and everyday believers who just want wholesome internet without a rocket science manual. We quiet the noise so disciples can delight in Jesus online and offline.

volunteer_activism

Serve the Church

Printable quick-starts help congregations and ministries deploy safe browsing without IT staff.

family_restroom

Equip Families

Three gentle tiers let parents choose the right balance of compatibility, conviction, and calm.

person

Empower Individuals

Simple instructions let any believer point a single phone or laptop to a Christ-honoring resolver.

school

Guide Classrooms

Small schools and co-ops can match each room to a tier without extra software or licenses.

Plans for every household

Choose the path that fits

Each tier builds on the last. Pick a profile, copy the endpoint, and paste it anywhere your device lets you set DNS.

Eden

Gentle baseline fed by broad malware, phishing, and tracker intelligence with a light-touch policy.

  • Cuts off payload delivery and credential traps
  • Silences trackers, analytics, and telemetry tied to those threats
  • Designed to keep breakage low on mixed networks
lan

Android Private DNS expects DNS-over-TLS format.

Sinai

Builds on Eden with explicit content, gambling, proxy/VPN bypass points, and piracy domains. SafeSearch enforced.

  • Extends Eden with explicit and wagering safeguards
  • Stops proxy, VPN, and encrypted-DNS bypass relays
  • lockBlocks piracy mirrors while forcing SafeSearch
lan

Most families start here for balanced safety and compatibility.

Zion

Everything in Sinai plus the most aggressive baseline and a dedicated sweep against full-spectrum advertising stacks.

  • Shuts down ad networks, telemetry, and push beacons
  • Keeps the malware, phishing, adult, gambling, piracy, and bypass blocks from earlier tiers
  • handshakeBest for chapels, kiosks, and mission displays with Eden/Sinai as fallback
lan

May break ad-funded apps. Keep Eden handy as a fallback.

Glory

Stacks Zion with an extreme wildcard sweep that silences telemetry brokers, referral loops, and device analytics for locked-down installs.

  • blockEverything from Zion plus a hand-curated wildcard sweep for stubborn telemetry and referral brokers
  • Microsoft 365 cores stay allowlisted, yet SSO prompts, WhatsApp avatars, smart-TV stores, and other conveniences may need manual review
  • Best for kiosks, chapels, or lab machines overseen by an admin ready to whitelist essentials
lan

This tier favors silence over convenience; keep Sinai or Zion handy whenever users need everyday browsing.

Setup in minutes

How to use GraceDNS

Copy the secure address that starts with https:// (DNS-over-HTTPS) or the DNS-over-TLS host if you are unsure. We never log DNS lookups, and these encrypted options keep every hop private end-to-end.

phone_android

Android Private DNS

Settings → Network & internet → Private DNS → "Private DNS provider hostname" → paste the hostname you copied from the tiers above.

phone_iphone

iOS & macOS

Install a secure DNS profile with the HTTPS address or edit Wi‑Fi DNS and paste the plain-text IPs from your selected profile.

laptop_windows

Windows 11

Settings → Network → Hardware properties → DNS server assignment → Manual → paste the HTTPS resolver you copied.

router

Routers & gateways

Point DNS to the plain-text IPv4/IPv6 pairs. Reboot devices to lock in protection everywhere.

Glory is intentionally brutal—expect Microsoft 365, Meta, and referral links to break. Always keep Sinai or Zion handy for normal browsing.

Clear convictions

What we filter

spa

Eden

  • Light-touch baseline for broad ads, tracking, and nuisance domains
  • Malware payload hosts and droppers
  • Credential-harvesting kits and phishing pages
  • Analytics and telemetry tied to those feeds
church

Sinai

  • Everything in Eden
  • Explicit content libraries
  • Gambling and wagering portals
  • Proxy, VPN, and encrypted-DNS bypass endpoints
  • Piracy and illegal distribution hubs
  • SafeSearch enforced everywhere
auto_stories

Zion

  • Everything in Sinai
  • Full-spectrum advertising stacks and retargeting networks
  • Cross-app analytics, telemetry, and push campaigns
shield_lock

Glory

  • Everything in Zion
  • Ultra-aggressive wildcard sweep for telemetry and referral brokers
  • Dedicated focus on Meta, Microsoft (non-core), and app-store tracking stacks
  • Expect breakage—plan allowlists and fallback tiers

Rooted in Scripture

One promise for Eden, Sinai, Zion, and Glory

“Whatever you do, in word or deed, do it all in the name of the Lord Jesus.”

This single call from Colossians 3:17 steers individuals, families, and the whole Church as we filter the web.

Colossians 3:17 (NET)

Support the mission

Help keep the internet clean for the Church

Generous gifts keep the filters current, fund infrastructure, and let us serve small congregations at no cost. Contributions are not tax-deductible, but they directly support our gospel-shaped goal of a clean internet.

Helps add new blocklists
Funds redundant resolvers
Serves small churches
Reach out to support

Need clarity?

Frequently asked questions

What’s the difference between tiers?

Eden is a light-touch baseline anchored by malware, phishing, and tracker intelligence; Sinai adds explicit, gambling, bypass, and piracy protections plus SafeSearch; Zion layers on the aggressive ad-network sweep; Glory piles an ultra-aggressive wildcard tier that crushes telemetry/referral brokers and demands careful allowlisting.

Will ad blocking break anything?

Often. Zion already interrupts monetized CDNs, telemetry calls, and certain login helpers—Glory goes even further by silencing referral chains, Meta logins, WhatsApp avatars, Xbox achievements, and many SSO helpers. Microsoft 365's core domains are allowlisted, but plan to drop to Sinai or Eden when a service expects tracking to function.

Which tier should families start with?

Start with Sinai so explicit, gambling, bypass, and piracy hosts stay blocked; keep Eden for devices that need near-zero breakage, use Zion for chapels, kiosks, or study spaces that demand ad-free screens, and reserve Glory for locked-down installs with an admin ready to maintain allowlists.

What data do you see?

Resolvers must see the domains you ask for, but we immediately drop them—no logs, analytics, or sales. Use the DNS-over-HTTPS or DNS-over-TLS endpoints so only you and GraceDNS can read the requests in transit.

How do I switch tiers?

Change the dropdown above, copy the new endpoint, and paste it into your device or router. No reboot required on most phones.

Is this only for churches?

No. GraceDNS is free for homes, ministries, and small schools. Businesses can reach out for a conversation.

Stewardship

GraceDNS is owned by Ole Brook Web Services

Ole Brook Web Services, based in Mississippi, crafts dependable tools for churches and small businesses. GraceDNS is one of our gifts to the wider Body of Christ.

Visit olebrookwebservices.com
Copied to clipboard.